FCPA Compliance Report: AI, Data Compliance, and Ownership - A Conversation with Andrew Hopkins
A Less is More Strategy for Data Risk Mitigation
Weathering the 2025 Whirlwind: How to Keep Calm & Carry On
Approach to Responsible AI
Why Privacy Matters to Your Business and What's in Store for 2025
No Password Required Podcast: Senior Security Researcher at Nokia and Guardian of Secure AI Networks
Getting Bang for Your Buck: Spend Your 2025 Privacy Budget Wisely
Constangy Clips Ep. 7- 4 New Year’s Resolutions to Keep Your Cyber Data Safe and Secure in 2025
The Privacy Insider Podcast Episode 10: 2025 Privacy Predictions: Hold My Beer, 2024
AI Talk With Juliana Neelbauer - Episode Three - Cybersecurity Insurance: Coverage Challenges and Changes
No Password Required: Director and Cybersecurity Adviser at KPMG and Rain Culture Authority
Protect, Prepare, Prevail: Navigating a Complex Cybersecurity World
On-Demand Webinar: Bring Predictability and Reduce the Spiraling Cost of Cyber Incident Response
Crafting an Effective Law Firm Generative AI Policy for Responsible Business Use: On Record PR
2025 Privacy Law Preview: Be Prepared
Podcast - Bowling with Bumpers: Using a Privacy Framework to Set Your Company Up for a Strike
"Monsters Inc." y el tratamiento de los datos
Unlock Privacy ROI: Why Making Cross-Functional Allies is Key
AI Discrimination and Emerging Best Practices – Part 2 - The Good Bot Podcast
The Privacy Insider Podcast Ep. 8: Privacy Over Party: Peter Swire
What happens when data protection collides with the relentless pace of digital innovation? That’s the question the European Data Protection Board (EDPB) seemed to confront head-on in 2024, a year marked by unprecedented...more
The Spanish Government has published the Preliminary Draft Act for the proper use and governance of Artificial Intelligence (the "Draft Act"), which aims to complement and develop the framework set out by the AI Regulation....more
On Jan. 6, 2025, the U.S. Department of Health and Human Services (HHS) proposed new regulations to enhance cybersecurity protections for electronic protected health information (ePHI) under the Health Insurance Portability...more
The EU Digital Operational Resilience Act (DORA) took effect on 17 January 2025 after a two-year implementation period. DORA sets out new requirements for financial entities (FEs) and their information technology and...more
The European Supervisory Authorities (ESAs) have published a roadmap for the designation of critical ICT third-party service providers (CTPPs) under the EU Digital Operational Resilience Act (DORA). The roadmap of key dates...more
More than four years after an industry trade association first filed its challenge to a November 2020 ballot initiative in Massachusetts, a federal judge issued an order in Alliance for Automotive Innovation v. Campbell...more
Every year, the Financial Industry Regulatory Authority (FINRA) issues an Annual Regulatory Report in an effort to provide FINRA Member Firms with insight into findings from FINRA’s regulatory operations programs. The Annual...more
How should multiple claimants seek compensation for alleged data misuse? It had originally been thought that the answer might be a representative action; an “opt-out” procedure enabling a single claimant to bring proceedings...more
Companies deploying high-risk artificial intelligence (AI) systems must prepare to navigate a complex landscape of new obligations by August 2, 2026. In this post we explain the key obligations for providers and deployers of...more
Turkey has published multiple guidelines on the use of AI in various sectors; Turkish government expected to enact AI-specific regulation in the near future. Laws/Regulations directly regulating AI (the “AI Regulations”) ...more
Saudi Arabia is yet to enact AI Regulations, relying on guidelines to establish practice standards and general principles. Laws/Regulations directly regulating AI (the “AI Regulations”) There are currently no AI...more
Nigeria's draft National AI Policy underway and will pave the way for a comprehensive national AI strategy. Laws/Regulations directly regulating AI (the “AI Regulations”) There is currently no specific law or...more
The US relies on existing federal laws and guidelines to regulate AI but aims to introduce AI legislation and a federal regulation authority. Laws/Regulations directly regulating AI (the “AI Regulations”) Currently,...more
United Healthcare Group (UHG) CEO Andrew Witty was in a board meeting on Feb. 21 when officials interrupted with the news that Change Healthcare—a clearinghouse UHG subsidiary Optum had purchased for $1.3 billion in October...more
As we discussed in part three of this series, “Navigating the Complexities of Regulatory Data Incident Investigations,” when an organization is the subject of regulatory data incident investigations, it must navigate a...more
On February 9, 2024, California’s Third District Court of Appeals reinstated the California Privacy Protection Agency’s (“CPPA”) ability to enforce the California Privacy Rights Act of 2020 (“CPRA”) regulations. The CPRA...more
At Cornell University, institutional review board (IRB) members meet with the chief information security officer and a liaison to the general counsel’s office. Their regular attendance has been “really critical,” said IRB...more
With a couple of “firsts,” the U.S. Department of Health and Human Services (HHS) Office for Civil Rights (OCR) is signaling that it is cracking down on healthcare organizations that fail to identify and address cybersecurity...more
A significant number of federal legislative proposals that focus on online child safety have been introduced. If enacted, they would modify online providers’ obligations to remove and report child sexual exploitation (CSE)...more
We previously reported on regulators’ increased attention to the use of big data systems, including external consumer data and information sources, algorithms and predictive models. Recent announcements in Colorado, Louisiana...more
Readers of this blog know that we’ve been closely following the California Privacy Rights Act (CPRA) rulemaking process. California passed the law in 2020 to update the California Consumer Privacy Act of 2018 with additional...more
In Part 2 of this series, we discussed how the Personal Information Protection Law (“PIPL”), the centerpiece of China’s personal information (“PI”) protection law, needs to be read in conjunction with other relevant laws,...more
Social media and influencers. Online feedback and electronic oversight. Data protection and privacy. Managing the legal issues surrounding doing business online is a significant concern for many in-house counsel. Join us for...more
Companies should take note of two imminent developments in New York in the area of cybersecurity regulation: enforcement of the New York Department of Financial Services (NYDFS) Cybersecurity Regulation (Regulation) and the...more
Does the GDPR really apply to my company? From a data protection standpoint, this is the first thing that comes to mind within non-EU companies. In many cases, the GDPR seems like an issue of the Old Continent, so some assume...more